Category: Security

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

When the local network of the OpenVPN client uses the same subnet as the local network of the OpenVPN server, you can add the following line to the .ovpn configuration file.

route <ip address>

For example, if both networks use the same local subnet, 192.168.1.0/24, and traffic is not sent inside the VPN tunnel, you can add the following line to reach 192.168.1.10 on the local network of the VPN server:

route 192.168.1.10

If you have problems with DNS, for example with the DNS servers of Ziggo, which only allow queries from their own network, you can change your DNS settings to the name servers of Google: 8.8.8.8 and 8.8.4.4.

Warning message in the log file:

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

You see this message when you connect to a standard OpenVPN server from Synology. It is shown because of the way Synology implemented their OpenVPN server.
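To see whether a client profile would trigger this warning, the following added example (not from the original page or from Synology) parses an .ovpn file and reports whether any server-certificate verification directive is set, whether `redirect-gateway` is active, and which `route` entries exist. The sample profile, the host name `vpn.example.test` and the function names are constructed for illustration; the directive names are taken from the OpenVPN manual.

```python
import shlex

# Constructed sample profile (not taken from a real server export).
SAMPLE = """\
dev tun
tls-client
remote vpn.example.test 1194
;redirect-gateway def1
redirect-gateway def1
route 192.168.1.10
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder
-----END CERTIFICATE-----
</ca>
"""

def parse_ovpn(text):
    """Return [(directive, args)], skipping comments and inline <ca>-style blocks."""
    out, inline = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:
            if line == f"</{inline}>":
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
        elif line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            if parts:
                out.append((parts[0], parts[1:]))
    return out

def verifies_server(directives):
    """True if any directive makes the client check the server certificate."""
    for name, args in directives:
        if name in ("remote-cert-tls", "ns-cert-type") and args[:1] == ["server"]:
            return True
        if name in ("verify-x509-name", "remote-cert-eku", "tls-verify") and args:
            return True
    return False

def audit(text):
    d = parse_ovpn(text)
    return {
        "server_cert_verified": verifies_server(d),
        "full_tunnel": any(n == "redirect-gateway" for n, _ in d),
        "host_routes": [a[0] for n, a in d if n == "route" and a],
    }

if __name__ == "__main__":
    print("as exported:", audit(SAMPLE))
    print("hardened:   ", audit(SAMPLE + "remote-cert-tls server\n"))
```

`remote-cert-tls server` only succeeds if the server certificate carries the TLS server key usage, so test the connection after adding it.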

Send expiration notification emails: sent at 12:00. Days before the expiration: 14, 10, 5, 3, 2, 1

Advanced, 2-Step Verification:

Enforce 2-step verification for the following users, all users

Control Panel, Terminal & SNMP, Terminal:

(in case) SSH service, advanced settings, High

Control Panel, Security, Security:

Improve protection against cross-site request forgery attacks

Improve security with HTTP Content Security Policy (CSP) header.

Do not allow DSM to be embedded with iFrame.

Clear all saved user login sessions upon system restart.

Control Panel, Security, Firewall:

Consider enabling the firewall, depending on the IT infrastructure. Firewall rules can be enabled for VPN services, which can improve security, or to protect access for Hyper Backup. This can be implemented with an allow and a deny rule for certain services.